The Electronic Privacy Information Center (EPIC) asked Congress to use the reauthorization of the National Telecommunications & Information Administration (NTIA) to finally protect Americans during the rise of the Internet of Things (IoT) in seemingly every aspect of modern life.
"The implications of Internet of Things for consumer privacy and security are far-reaching," the privacy group said in a letter to the head of US House Subcommittee on Communications and Technology. "If the NTIA fails to develop appropriate safeguards, the country will face growing risk."
EPIC isn't alone in thinking IoT devices are a threat. Everyone from Google, which announced in December 2016 a new platform meant to help IoT companies secure their products, to Virginia Senator Mark Warner has called for safer connected devices. These products are threatening on both the individual and national levels. Allowing manufacturers to continue to release them without basic protections is like asking for something bad to happen.
Indeed, some of those bad things have already happened. Popular services like Twitter and Spotify were unreachable for several hours in October 2016 because of an attack on critical infrastructure by malware-affected IoT devices. In December, the Institute for Critical Infrastructure Technology said nations could exploit vulnerabilities in IoT devices for their own purposes, which could lead to a dangerous back-and-forth between various countries.
EPIC asked NTIA to address these problems with consumer protections that:
Promote Privacy Enhancing Techniques (PETs) that minimize or eliminate the collection of personal information.Ensure routine security updates for IoT devices; andCarefully assesses IoT deployment for critical functions, including transportation, home security, and medical devices.The NTIA’s multi-stakeholder processes are simply not working – they result in weak, voluntary self-regulatory regimes. Industry self-regulatory programs do not provide meaningful privacy protections. The NTIA should support a strong legal framework that protects American Internet users and promotes public safety.